iredmail-doc/html/network.ports.html

<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Which network ports are open by iRedMail</title>
        <link rel="stylesheet" type="text/css" href="./css/markdown.css" />
    </head>
    <body>
    
    <div id="navigation">
    <a href="/index.html" target="_blank">
        <img alt="iRedMail web site"
             src="./images/logo-iredmail.png"
             style="vertical-align: middle; height: 30px;"
             />&nbsp;
        <span>iRedMail</span>
    </a>
    &nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="which-network-ports-are-open-by-iredmail">Which network ports are open by iRedMail</h1>
<table>
<thead>
<tr>
<th>Port</th>
<th>Service</th>
<th>Software</th>
<th>Comment</th>
<th>Allow Public Access?</th>
</tr>
</thead>
<tbody>
<tr>
<td>25</td>
<td>smtp</td>
<td>Postfix</td>
<td>Normal smtp service, used for server-to-server communication.</td>
<td>YES</td>
</tr>
<tr>
<td>587</td>
<td>submission</td>
<td>Postfix</td>
<td>a.k.a. SMTP over TLS. Used by end users to send/submit email.</td>
<td>YES (open to your end users)</td>
</tr>
<tr>
<td>465</td>
<td>smtps</td>
<td>Postfix</td>
<td>a.k.a. SMTP over SSL. Deprecated and disabled by default, please use port 587 instead.</td>
<td>YES (open to your end users)</td>
</tr>
<tr>
<td>110</td>
<td>pop3</td>
<td>Dovecot</td>
<td>Used by end users to retrieve emails via POP3 protocol, secure connection over STARTTLS is available by default.</td>
<td>YES (open to your end users)</td>
</tr>
<tr>
<td>995</td>
<td>pop3s</td>
<td>Dovecot</td>
<td>Used by end users to restrieve emails via POP3 protocol over SSL. Port 110 with STARTTLS is recommended.</td>
<td>YES (open to your end users)</td>
</tr>
<tr>
<td>143</td>
<td>imap</td>
<td>Dovecot</td>
<td>Used by end users to retrieve emails via IMAP protocol, secure connection over STARTTLS is available by default.</td>
<td>YES (open to your end users)</td>
</tr>
<tr>
<td>993</td>
<td>imaps</td>
<td>Dovecot</td>
<td>Used by end users to restrieve emails via IMAP protocol over SSL. Port 143 with STARTTLS is recommended.</td>
<td>YES (open to your end users)</td>
</tr>
<tr>
<td>4190</td>
<td>managesieve</td>
<td>Dovecot</td>
<td>Sieve service used by end users to manage mail filters. Note: in old iRedMail releases, it's port 2000 (deprecated and not even listed in <code>/etc/services</code> file).</td>
<td>YES (open to your end users, or disabled and force users to manage mail filters with webmail)</td>
</tr>
<tr>
<td>80</td>
<td>http</td>
<td>Apache/Nginx</td>
<td>Web service</td>
<td>YES (open to your webmail users)</td>
</tr>
<tr>
<td>443</td>
<td>https</td>
<td>Apache/Nginx</td>
<td>Web service over over SSL, secure connection. SOGo groupware provides Exchange ActiveSync (EAS) support through port 443.</td>
<td>YES (open to your webmail users)</td>
</tr>
<tr>
<td>3306</td>
<td>mysql</td>
<td>MySQL/MariaDB</td>
<td>MySQL/MariaDB database service</td>
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
</tr>
<tr>
<td>5432</td>
<td>postgresql</td>
<td>PostgreSQL</td>
<td>PostgreSQL database service</td>
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
</tr>
<tr>
<td>389</td>
<td>ldap</td>
<td>OpenLDAP (or OpenBSD ldapd)</td>
<td>LDAP service, STARTTLS is available for secure connection.</td>
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
</tr>
<tr>
<td>636</td>
<td>ldaps</td>
<td>OpenLDAP (or OpenBSD ldapd)</td>
<td>LDAP service over SSL. Deprecated, port 389 with STARTTLS is recommended.</td>
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
</tr>
<tr>
<td>10024</td>
<td></td>
<td>Amavisd-new</td>
<td>Used to scan inbound messages, includes spam/virus scanning, DKIM verification, applying spam policy.</td>
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
</tr>
<tr>
<td>10026</td>
<td></td>
<td>Amavisd-new</td>
<td>Used to scan outbound messages, includes spam/virus scanning, DKIM signing, applying spam policy.</td>
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
</tr>
<tr>
<td>9998</td>
<td></td>
<td>Amavisd-new</td>
<td>Used to manage quarantined emails.</td>
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
</tr>
<tr>
<td>7777</td>
<td></td>
<td>iRedAPD</td>
<td>Postfix policy service for greylisting, whitelisting, blacklists, throttling, etc</td>
<td>NO (listen on <code>127.0.0.1</code> by default)</td>
</tr>
</tbody>
</table>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>In iRedMail-0.9.2 and earlier releases, Policyd or Cluebringer listens on
port 10031. They have been removed in iRedMail-0.9.3, and replaced by
iRedAPD.</p>
</div><div class="footer">
    <p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div>
<script type="text/javascript">
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  })(window,document,'script','//www.google-analytics.com/analytics.js','ga');

  ga('create', 'UA-3293801-21', 'auto');
  ga('send', 'pageview');
</script>
</body></html>